Re: Group Policy and user level access
- From: Falcon1 <Falcon1@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 20 Apr 2007 05:38:02 -0700
Hi Dana,
Well in most companies nowadays you need to control what a user can do on
their computers for a lot of reasons. If you go in places such has
Desjardins, Canadian Aviation Electronics (CAE), Merck Frost ect... Security
is taking extremely seriously much more than what we need to implant in my
case, these are a couple of examples which have happened in our companie that
seriously cost money and time to repair and have delayed critial projects:
- You need to control what gets installed on their computer. If a user
installs a lot of non-approved softwares (Screensavers, toolbars, illegal
softwares ect...) that will slow down their computers, might even crash it.
- We get audited by Microsoft every once in a while, I have users that
unfortunately do not understand that part and they install illegal softwares
such as some of Microsoft of their computers.
- Spyware is a major problem today so by removing admin rights it will be
harder for such softwares to install automatically. And spyware can gahter
very confidential data.
- Plus removing admin rights shouldn't affect the users productivity, in
fact it should boost it, they have less time to fool in what they are not
hired to do and users normally do not have a whole picture in all the
inter-softwares bugs which we do have (Not a lot but enough to make a user
have critical downtimes)
I hope this answer your questions?
"Dana" wrote:
.
"Falcon1" <Falcon1@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A8B0CD29-813E-4509-88CA-97AD85252E88@xxxxxxxxxxxxxxxx
Hi,
We are running Windows XP Pro and 2000 Pro on our computers. I'm in the
process of learning Group Policies and how to create, manage, deploy and
troubleshoot them (AD is still on 2000 Server based)
My 2x questions are:
How come when I remove the local Administrator rights to a user and leave
him on a basic user level access we run into all kinds of software issues
that we do not have if the user is part of the admin group. Such as
Outlook
printing issues that can't create documents in Temp folders and so many
other
sotwares having all kind of hickup behaviors?
Why do you want to interfere in the productivity of others.
My second question is it possible to leave my users in the local admin
groups but with group policy deny them the rights to install or remove any
applications? If so how?
Why do you want to limit what a person can or cannot do.
Any help will be greatly appreciated since I'm kind of in a nightmare in
troubleshooting and administering all of what goes on the users computers
Thank you
Gabriel
- Follow-Ups:
- Re: Group Policy and user level access
- From: Dana
- Re: Group Policy and user level access
- References:
- Re: Group Policy and user level access
- From: Dana
- Re: Group Policy and user level access
- Prev by Date: Re: Encryption
- Next by Date: Re: Group Policy and user level access
- Previous by thread: Re: Group Policy and user level access
- Next by thread: Re: Group Policy and user level access
- Index(es):
Relevant Pages
|
|
